This preview shows pages 1–3. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: CHAPTER 1 F o o t p r i n t i n g 3 B efore the real fun for the hacker begins, three essential steps must be performed. This chapter will discuss the first one— footprinting —the fine art of gathering target information. For example, when thieves decide to rob a bank, they don’t just walk in and start demanding money (not the smart ones, anyway). Instead, they take great pains in gathering information about the bank—the armored car routes and delivery times, the video cameras, and the number of tellers, escape exits, and anything else that will help in a successful misadventure. The same requirement applies to successful attackers. They must harvest a wealth of information to execute a focused and surgical attack (one that won’t be readily caught). As a result, attackers will gather as much information as possible about all aspects of an organization’s security posture. Hackers end up with a unique footprint or profile of their Internet, remote access, and intranet/extranet presence. By following a structured meth- odology, attackers can systematically glean information from a multitude of sources to compile this critical footprint on any organization. WHAT IS FOOTPRINTING? The systematic footprinting of an organization enables attackers to create a complete pro- file of an organization’s security posture. By using a combination of tools and techniques, attackers can take an unknown quantity (Widget Company’s Internet connection) and re- duce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet. While there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet. Table 1-1 depicts these en- vironments and the critical information an attacker will try to identify. Why Is Footprinting Necessary? Footprinting is necessary to systematically and methodically ensure that all pieces of in- formation related to the aforementioned technologies are identified. Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous task of trying to determine the security posture of an entity; however, it is one of the most important. Footprinting must be performed accurately and in a con- trolled fashion. INTERNET FOOTPRINTING While many footprinting techniques are similar across technologies (Internet and intranet), this chapter will focus on footprinting an organization’s Internet connection(s). Remote access will be covered in detail in Chapter 9....
View Full Document
This note was uploaded on 08/08/2011 for the course CS 101 taught by Professor Jitenderkumarchhabra during the Summer '11 term at National Institute of Technology, Calicut.
- Summer '11
- The American